how to implement a Role-Based winapp

Khafancoder - 12 May 2008 20:21 GMT
Hi,

I'm developing a permission-based win application. There is one Permission for each possible Action in the DB, and each Role has some Permissions. A custom authentication system is implemented for identifying users and their roles.

Now:
1. I want to know what the advantages of using .NET Role-Based Security are. I mean, for controlling a user's access to resources I could simply use something like this:
** if (currentuser.HasPermission("RequiredPermission")) then do the action **

2. I would check user permissions in the business layer, but I want all of my biz methods to contain a piece of code for controlling the access. Is there any way to force all methods to have this piece of code, or at least a special code Attribute?

Thanks in advance
Marc Gravell - 13 May 2008 08:41 GMT
Implementing role-based security in a winform is the same as any other;
set the principal to something... at the simplest level see below (you
can do much more sophisticated things if you create your own principal).

The advantage here is that a: it has runtime support built in (for the
attribute check), and b: any code (yours or 3rd party) can check the
same roles without needing to know about the specific implementation.
Note that VS2008 includes support for using the ASP.NET roles provider
inside a winform (via a web-service login).

For enforcing security on all the methods automatically (rather than
having to add the attribute) - one option would be PostSharp; it looks
like it would be trivial to add some code that simply does a Demand...

Marc

using System;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

class Program
{
    static void Main(string[] args)
    {
        // Attach an identity and its roles to the current thread
        string[] myRoles = {"GUEST", "USER"};
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("Fred"), myRoles);
        UserMethod();
        CheckManually();
        AdminMethod(); // throws SecurityException: "Fred" is not in ADMIN
    }

    // Declarative check: the runtime demands the role before the body runs
    [PrincipalPermission(SecurityAction.Demand, Role = "USER")]
    static void UserMethod()
    {
        Console.WriteLine("User method");
    }

    static void CheckManually()
    {
        string role = "GUEST"; // dynamic...
        bool isInRole = Thread.CurrentPrincipal.IsInRole(role);

        // or to demand (throwing a suitable exception if not)
        PrincipalPermission perm = new PrincipalPermission(null, role);
        perm.Demand();

        Console.WriteLine(isInRole);
    }

    [PrincipalPermission(SecurityAction.Demand, Role = "ADMIN")]
    static void AdminMethod()
    {
        Console.WriteLine("Admin method");
    }
}
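
For question 2 in the thread, a reflection audit run as a unit test or build step can confirm that every public business method carries a PrincipalPermission demand. This is an added example, not code from either poster; OrderService, PermissionAudit and FindUnprotected are hypothetical names, and the audit only reports missing attributes rather than injecting the check the way PostSharp would.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Security.Permissions;

// Hypothetical business-layer class, constructed for this example.
public class OrderService
{
    [PrincipalPermission(SecurityAction.Demand, Role = "USER")]
    public void PlaceOrder() { }

    public void DeleteOrder() { }   // no demand: the audit must report this
}

public static class PermissionAudit
{
    // Returns "Type.Method" for every public method declared on the given
    // types that is not covered by a PrincipalPermission demand.
    public static List<string> FindUnprotected(IEnumerable<Type> types)
    {
        List<string> missing = new List<string>();
        const BindingFlags flags = BindingFlags.Public | BindingFlags.Instance |
                                   BindingFlags.Static | BindingFlags.DeclaredOnly;
        foreach (Type type in types)
        {
            // A class-level demand applies to every member of the class.
            bool typeGuarded =
                type.IsDefined(typeof(PrincipalPermissionAttribute), false);
            foreach (MethodInfo method in type.GetMethods(flags))
            {
                bool guarded = typeGuarded ||
                    method.IsDefined(typeof(PrincipalPermissionAttribute), false);
                if (!guarded)
                    missing.Add(type.Name + "." + method.Name);
            }
        }
        return missing;
    }

    public static int Main()
    {
        List<string> missing = FindUnprotected(new[] { typeof(OrderService) });
        foreach (string name in missing)
            Console.WriteLine("No PrincipalPermission demand: " + name);
        return missing.Count == 0 ? 0 : 1;   // non-zero exit fails the build step
    }
}
```

In a real project the type list would come from the business-layer assembly, for example by filtering `Assembly.GetTypes()` on its namespace.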
Khafancoder - 13 May 2008 13:59 GMT
